Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- /*
- * [OPTIONAL] Non-Core Modules
- *
- * The following blocks are used to load all non-core modules, including 3rd-party modules.
- * Modules can be prevented from loading by commenting out the line, other modules can be added by
- * adding a module block. These modules will be loaded prior to Services connecting to your network.
- *
- * Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by
- * running the 'extras' script on Linux and UNIX.
- */
- /*
- * help
- *
- * Provides the command generic/help.
- *
- * This is a generic help command that can be used with any client.
- */
- module { name = "help" }
- /*
- * m_dns
- *
- * Adds support for the DNS protocol. By itself this module does nothing useful,
- * but other modules such as m_dnsbl and os_dns require this.
- */
- #module
- {
- name = "m_dns"
- /*
- * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
- * The below should work fine on all unix like systems. Windows users will have to find their nameservers
- * from ipconfig /all and put the IP here.
- */
- nameserver = "/etc/resolv.conf"
- #nameserver = "127.0.0.1"
- /*
- * How long to wait in seconds before a DNS query has timed out.
- */
- timeout = 5
- /* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
- /*
- * The IP and port services use to listen for DNS queries.
- * Note that ports less than 1024 are privileged on UNIX/Linux systems, and
- * require Anope to be started as root. If you do this, it is recommended you
- * set options:user and options:group so Anope can change users after binding
- * to this port.
- */
- ip = "0.0.0.0"
- port = 53
- /*
- * SOA record information.
- */
- /* E-mail address of the DNS administrator. */
- admin = "admin@example.com"
- /* This should be the names of the public facing nameservers serving the records. */
- nameservers = "ns1.example.com ns2.example.com"
- /* The time slave servers are allowed to cache. This should be reasonably low
- * if you want your records to be updated without much delay.
- */
- refresh = 3600
- /* A notify block. There should probably be one per nameserver listed in 'nameservers'.
- */
- notify
- {
- ip = "192.0.2.0"
- port = 53
- }
- }
- /*
- * m_dnsbl
- *
- * Allows configurable DNS blacklists to check connecting users against. If a user
- * is found on the blacklist they will be immediately banned. This is a crucial module
- * to prevent bot attacks.
- */
- #module
- {
- name = "m_dnsbl"
- /*
- * If set, Services will check clients against the DNSBLs when services connect to its uplink.
- * This is not recommended, and on large networks will open a very large amount of DNS queries.
- * Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
- */
- check_on_connect = no
- /*
- * If set, Services will check clients when coming back from a netsplit. This can cause a large number
- * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
- * might care.
- */
- check_on_netburst = no
- /*
- * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
- * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
- */
- add_to_akill = yes
- blacklist
- {
- /* Name of the blacklist. */
- name = "rbl.efnetrbl.org"
- /* How long to set the ban for. */
- time = 4h
- /* Reason for akill.
- * %n is the nick of the user
- * %u is the ident/username of the user
- * %g is the realname of the user
- * %h is the hostname of the user
- * %i is the IP of the user
- * %r is the reply reason (configured below). Will be nothing if not configured.
- * %N is the network name set in networkinfo:networkname
- */
- reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
- /* Replies to ban and their reason. If no relies are configured, all replies get banned. */
- reply
- {
- code = 1
- reason = "Open Proxy"
- }
- #reply
- {
- code = 2
- reason = "spamtrap666"
- }
- #reply
- {
- code = 3
- reason = "spamtrap50"
- }
- reply
- {
- code = 4
- reason = "TOR"
- /*
- * If set, users identified to services at the time the result comes back
- * will not be banned.
- */
- #allow_account = yes
- }
- reply
- {
- code = 5
- reason = "Drones / Flooding"
- }
- }
- #blacklist
- {
- name = "dnsbl.dronebl.org"
- time = 4h
- reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N"
- }
- /* Exempt localhost from DNSBL checks */
- exempt { ip = "127.0.0.1" }
- }
- /*
- * m_helpchan
- *
- * Gives users who are op in the specified help channel usermode +h (helpop).
- */
- #module
- {
- name = "m_helpchan"
- helpchannel = "#help"
- }
- /*
- * m_httpd
- *
- * Allows services to serve web pages. By itself, this module does nothing useful.
- *
- * Note that using this will allow users to get the IP of your services.
- * To prevent this we recommend using a reverse proxy or a tunnel.
- */
- #module
- {
- name = "m_httpd"
- httpd
- {
- /* Name of this service. */
- name = "httpd/main"
- /* IP to listen on. */
- ip = "0.0.0.0"
- /* Port to listen on. */
- port = 8080
- /* Time before connections to this server are timed out. */
- timeout = 30
- /* Listen using SSL. Requires an SSL module. */
- #ssl = yes
- /* If you are using a reverse proxy that sends one of the
- * extforward_headers set below, set this to its IP.
- * This allows services to obtain the real IP of users by
- * reading the forwarded-for HTTP header.
- */
- #extforward_ip = "192.168.0.255"
- /* The header to look for. These probably work as is. */
- extforward_header = "X-Forwarded-For Forwarded-For"
- }
- }
- /*
- * m_ldap [EXTRA]
- *
- * This module allows other modules to use LDAP. By itself, this module does nothing useful.
- */
- #module
- {
- name = "m_ldap"
- ldap
- {
- server = "ldap://127.0.0.1"
- /*
- * Admin credentials used for performing searches and adding users.
- */
- admin_binddn = "cn=Manager,dc=anope,dc=org"
- admin_password = "secret"
- }
- }
- /*
- * m_ldap_authentication [EXTRA]
- *
- * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
- * LDAP to authenticate users. Requires m_ldap.
- */
- #module
- {
- name = "m_ldap_authentication"
- /*
- * The distinguished name used for searching for users's accounts.
- */
- basedn = "ou=users,dc=anope,dc=org"
- /*
- * The search filter used to look up users's accounts.
- * %account is replaced with the user's account.
- * %object_class is replaced with the object_class configured below.
- */
- search_filter = "(&(uid=%account)(objectClass=%object_class))"
- /*
- * The object class used by LDAP to store user account information.
- * This is used for adding new users to LDAP if registration is allowed.
- */
- object_class = "anopeUser"
- /*
- * The attribute value used for account names.
- */
- username_attribute = "uid"
- /*
- * The attribute value used for email addresses.
- * This directive is optional.
- */
- email_attribute = "email"
- /*
- * The attribute value used for passwords.
- * Used when registering new accounts in LDAP.
- */
- password_attribute = "userPassword"
- /*
- * If set, the reason to give the users who try to register with nickserv,
- * including nick registration from grouping.
- *
- * If not set, then registration is not blocked.
- */
- #disable_register_reason = "To register on this network visit http://some.misconfigured.site/register"
- /*
- * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
- * If not set, then email changing is not blocked.
- */
- #disable_email_reason = "To change your email address visit http://some.misconfigured.site"
- }
- /*
- * m_ldap_oper [EXTRA]
- *
- * This module dynamically ties users to Anope opertypes when they identify
- * via LDAP group membership. Requires m_ldap.
- *
- * Note that this doesn't give the user privileges on the IRCd, only in Services.
- */
- #module
- {
- name = "m_ldap_oper"
- /*
- * An optional binddn to use when searching for groups.
- * %a is replaced with the account name of the user.
- */
- #binddn = "cn=Manager,dc=anope,dc=org"
- /*
- * An optional password to bind with.
- */
- #password = "secret"
- /*
- * The base DN where the groups are.
- */
- basedn = "ou=groups,dc=anope,dc=org"
- /*
- * The filter to use when searching for users.
- * %a is replaced with the account name of the user.
- */
- filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
- /*
- * The attribute of the group that is the name of the opertype.
- * The cn attribute should match a known opertype in the config.
- */
- opertype_attribute = "cn"
- }
- /*
- * m_mysql [EXTRA]
- *
- * This module allows other modules to use MySQL.
- */
- #module
- {
- name = "m_mysql"
- mysql
- {
- /* The name of this service. */
- name = "mysql/main"
- database = "anope"
- server = "127.0.0.1"
- username = "anope"
- password = "mypassword"
- port = 3306
- }
- }
- /*
- * m_redis
- *
- * This module allows other modules to use Redis.
- */
- #module
- {
- name = "m_redis"
- /* A redis database */
- redis
- {
- /* The name of this service */
- name = "redis/main"
- /*
- * The redis database to use. New connections default to 0.
- */
- db = 0
- ip = "127.0.0.1"
- port = 6379
- }
- }
- /*
- * m_regex_pcre [EXTRA]
- *
- * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
- */
- #module { name = "m_regex_pcre" }
- /*
- * m_regex_posix [EXTRA]
- *
- * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
- * This is likely the only regex module you will not need extra libraries for.
- */
- #module { name = "m_regex_posix" }
- /*
- * m_regex_tre [EXTRA]
- *
- * Provides the regex engine regex/tre, which uses the TRE regex library.
- */
- #module { name = "m_regex_tre" }
- /*
- * m_rewrite
- *
- * Allows rewriting commands sent to/from clients.
- */
- #module { name = "m_rewrite" }
- #command
- {
- service = "ChanServ"; name = "CLEAR"; command = "rewrite"
- /* Enable m_rewrite. */
- rewrite = true
- /* Source message to match. A $ can be used to match anything. */
- rewrite_source = "CLEAR $ USERS"
- /*
- * Message to rewrite the source message to. A $ followed by a number, eg $0, gets
- * replaced by the number-th word from the source_message, starting from 0.
- */
- rewrite_target = "KICK $1 *"
- /*
- * The command description. This only shows up in HELP's output.
- * Comment this option to prevent the command from showing in the
- * HELP command.
- */
- rewrite_description = "Clears all users from a channel"
- }
- /*
- * m_proxyscan
- *
- * This module allows you to scan connecting clients for open proxies.
- * Note that using this will allow users to get the IP of your services.
- *
- * Currently the two supported proxy types are HTTP and SOCKS5.
- *
- * The proxy scanner works by attempting to connect to clients when they
- * connect to the network, and if they have a proxy running instruct it to connect
- * back to services. If services are able to connect through the proxy to itself
- * then it knows it is an insecure proxy, and will ban it.
- */
- #module
- {
- name = "m_proxyscan"
- /*
- * The target IP services tells the proxy to connect back to. This must be a publicly
- * available IP that remote proxies can connect to.
- */
- #target_ip = "127.0.0.1"
- /*
- * The port services tells the proxy to connect to.
- */
- target_port = 7226
- /*
- * The listen IP services listen on for incoming connections from suspected proxies.
- * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
- */
- #listen_ip = "127.0.0.1"
- /*
- * The port services should listen on for incoming connections from suspected proxies.
- * This most likely will be the same as target_port.
- */
- listen_port = 7226
- /*
- * An optional notice sent to clients upon connect.
- */
- #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
- /*
- * Who the notice should be sent from.
- */
- #connect_source = "OperServ"
- /*
- * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
- * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
- */
- add_to_akill = yes
- /*
- * How long before connections should be timed out.
- */
- timeout = 5
- proxyscan
- {
- /* The type of proxy to check for. A comma separated list is allowed. */
- type = "HTTP"
- /* The ports to check. */
- port = "80,8080"
- /* How long to set the ban for. */
- time = 4h
- /*
- * The reason to ban the user for.
- * %h is replaced with the type of proxy found.
- * %i is replaced with the IP of proxy found.
- * %p is replaced with the port.
- */
- reason = "You have an open proxy running on your host (%t:%i:%p)"
- }
- }
- /*
- * m_sasl
- *
- * Some IRCds allow "SASL" authentication to let users identify to Services
- * during the IRCd user registration process. If this module is loaded, Services will allow
- * authenticating users through this mechanism. Supported mechanisms are:
- * PLAIN, EXTERNAL.
- */
- #module { name = "m_sasl" }
- /*
- * m_ssl_gnutls [EXTRA]
- *
- * This module provides SSL services to Anope using GnuTLS, for example to
- * connect to the uplink server(s) via SSL.
- *
- * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both.
- */
- #module
- {
- name = "m_ssl_gnutls"
- /*
- * An optional certificate and key for m_ssl_gnutls to give to the uplink.
- *
- * You can generate your own certificate and key pair by using:
- *
- * certtool --generate-privkey --bits 2048 --outfile anope.key
- * certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt
- *
- */
- cert = "data/anope.crt"
- key = "data/anope.key"
- /*
- * Diffie-Hellman parameters to use when acting as a server. This is only
- * required for TLS servers that want to use ephemeral DH cipher suites.
- *
- * This is NOT required for Anope to connect to the uplink server(s) via SSL.
- *
- * You can generate DH parameters by using:
- *
- * certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
- *
- */
- # dhparams = "data/dhparams.pem"
- }
- /*
- * m_ssl_openssl [EXTRA]
- *
- * This module provides SSL services to Anope using OpenSSL, for example to
- * connect to the uplink server(s) via SSL.
- *
- * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both.
- *
- */
- #module
- {
- name = "m_ssl_openssl"
- /*
- * An optional certificate and key for m_ssl_openssl to give to the uplink.
- *
- * You can generate your own certificate and key pair by using:
- *
- * openssl genrsa -out anope.key 2048
- * openssl req -new -x509 -key anope.key -out anope.crt -days 1095
- */
- cert = "data/anope.crt"
- key = "data/anope.key"
- /*
- * As of 2014 SSL 3.0 is considered insecure, but it might be enabled
- * on some systems by default for compatibility reasons.
- * You can use the following option to enable or disable it explicitly.
- * Leaving this option not set defaults to the default system behavior.
- */
- #sslv3 = no
- }
- /*
- * m_sql_authentication [EXTRA]
- *
- * This module allows authenticating users against an external SQL database using a custom
- * query.
- */
- #module
- {
- name = "m_sql_authentication"
- /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
- engine = "mysql/main"
- /* Query to execute to authenticate. A non empty result from this query is considered a success,
- * and the user will be authenticated.
- *
- * @a@ is replaced with the user's account name
- * @p@ is replaced with the user's password
- * @n@ is replaced with the user's nickname
- * @i@ is replaced with the user's IP
- *
- * Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
- * nickserv/identify command, such as through the web panel.
- *
- * Furthermore, if a field named email is returned from this query the user's email is
- * set to its value.
- *
- *
- * We've included some example queries for some popular website/forum systems.
- *
- * Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
- * e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
- * SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
- * vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
- * IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
- */
- query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
- /*
- * If set, the reason to give the users who try to "/msg NickServ REGISTER".
- * If not set, then registration is not blocked.
- */
- #disable_reason = "To register on this network visit http://some.misconfigured.site/register"
- /*
- * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
- * If not set, then email changing is not blocked.
- */
- #disable_email_reason = "To change your email address visit http://some.misconfigured.site"
- }
- /*
- * m_sql_log [EXTRA]
- *
- * This module adds an additional target option to log{} blocks
- * that allows logging Service's logs to SQL. To log to SQL, add
- * the SQL service name to log:targets prefixed by sql_log:. For
- * example:
- *
- * log
- * {
- * targets = "services.log sql_log:mysql/main"
- * ...
- * }
- *
- * By default this module logs to the table `logs`, and will create
- * it if it doesn't exist. This module does not create any indexes (keys)
- * on the table and it is recommended you add them yourself as necessary.
- */
- #module { name = "m_sql_log" }
- /*
- * m_sql_oper [EXTRA]
- *
- * This module allows granting users services operator privileges and possibly IRC Operator
- * privileges based on an external SQL database using a custom query.
- */
- #module
- {
- name = "m_sql_oper"
- /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
- engine = "mysql/main"
- /* Query to execute to determine if a user should have operator privileges.
- * A field named opertype must be returned in order to link the user to their oper type.
- * The oper types must be configured earlier in services.conf.
- *
- * If a field named modes is returned from this query then those modes are set on the user.
- * Without this, only a simple +o is sent.
- *
- * @a@ is replaced with the user's account name
- * @i@ is replaced with the user's IP
- */
- query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
- }
- /*
- * m_sqlite [EXTRA]
- *
- * This module allows other modules to use SQLite.
- */
- #module
- {
- name = "m_sqlite"
- /* A SQLite database */
- sqlite
- {
- /* The name of this service. */
- name = "sqlite/main"
- /* The database name, it will be created if it does not exist. */
- database = "anope.db"
- }
- }
- /*
- * webcpanel
- *
- * This module creates a web configuration panel that allows users and operators to perform any task
- * as they could over IRC. If you are using the default configuration you should be able to access
- * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on.
- *
- * This module requires m_httpd.
- */
- #module
- {
- name = "webcpanel"
- /* Web server to use. */
- server = "httpd/main";
- /* Template to use. */
- template = "default";
- /* Page title. */
- title = "Anope IRC Services";
- }
- /*
- * m_xmlrpc
- *
- * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
- * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
- */
- #module
- {
- name = "m_xmlrpc"
- /* Web service to use. Requires m_httpd. */
- server = "httpd/main"
- }
- /*
- * m_xmlrpc_main
- *
- * Adds the main XMLRPC core functions.
- * Requires m_xmlrpc.
- */
- #module { name = "m_xmlrpc_main" }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement